libmikmod (3.1.11-6ubuntu3.9.04.1) jaunty-security; urgency=low
* SECURITY UPDATE: denial of service via incorrect channel count
- debian/patches/CVE-2007-6720.patch: use channel count of current
song in playercode/mplayer.c.
- CVE-2007-6720
* SECURITY UPDATE: denial of service via XM file
- debian/patches/CVE-2009-0179.patch: fix file format in
loaders/load_xm.c, handle error in playercode/mloader.c.
- CVE-2009-0179
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via Impulse Tracker and Ultratracker files
- debian/patches/CVE-2009-3995f.patch: check number of channels in
loaders/load_ult.c, check volpts in loaders/load_it.c.
- CVE-2009-3995
- CVE-2009-3996
* SECURITY UPDATE: incomplete fix for CVE-2009-3995
- debian/patches/CVE-2010-2546.patch: do further validations in
loaders/load_it.c.
- CVE-2010-2546
- CVE-2010-2971
-- Marc Deslauriers <email address hidden> Wed, 22 Sep 2010 09:59:22 -0400